Impersonation
Hackers often impersonate the user or the service provider to get into a network. This is possible when nothing verifies that each party is who or what it claims to be. There are two ways to prevent this kind of impersonation:
- Use authentication protocols (for example, OAuth 2).
- Share a piece of data that is known only to the parties involved, which is therefore called a shared secret.

Hardware attack
Another method for hijacking or maliciously modifying data is a physical attack on hardware components of IoT devices that operate in unattended outdoor environments. It’s not possible to prevent these attacks, but it is possible to make them futile by encrypting any sensitive information stored on the device, making the data meaningless for attackers. You can protect against data tampering by adding an encrypted signature that guarantees its validity. Libsecurity enables you to implement this level of protection through an easy-to-use interface.
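
As an added illustration of the idea above (this is not libsecurity's API and not code from the libsecurity project), the following Go sketch stores a record so that it is both unreadable and tamper-evident. It swaps in AES-GCM authenticated encryption from the Go standard library in place of a separate encryption step plus signature; the function names `seal` and `open`, the record name `wifi-psk`, and the sample value are constructed for the example, and the key is assumed to be provisioned from somewhere other than the stored data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// newGCM builds an AES-256-GCM instance for the given key.
func newGCM(key [32]byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts value and returns nonce || ciphertext || tag. The record
// name is bound as associated data, so a sealed record cannot be moved
// under a different name without failing verification.
func seal(key [32]byte, name string, value []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, value, []byte(name)), nil
}

// open verifies the tag and decrypts; any modified byte yields an error.
func open(key [32]byte, name string, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("record too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(name))
}

func main() {
	var key [32]byte // assumption: provisioned separately from the stored data
	rand.Read(key[:])
	blob, _ := seal(key, "wifi-psk", []byte("constructed-secret"))
	blob[len(blob)-1] ^= 0x01 // simulate a flipped bit on the device's storage
	_, err := open(key, "wifi-psk", blob)
	fmt.Println("tampered record rejected:", err != nil)
}
```

The protection holds only while the key is kept out of reach of someone who has the device in hand, which is why the key must not sit next to the sealed records.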

Data confidentiality
Hackers or other occasional curious users attempt to steal or “take a peek” at sensitive data on IoT devices. Once they’re logged on, they try to find and read or update files on the device that contain data they are not supposed to see or change. Data confidentiality is a fundamental challenge in IoT devices. These devices must provide a means to verify that an entity (whether a person or another device) is authorized to access a resource for read, update, or even restart. An access control list (ACL) mechanism meets this requirement. It allows you to attach to each resource a set of permissions with a list of users or groups that have those permissions. Libsecurity provides a flexible and easy-to-use ACL mechanism.

More connectivity, more security
IoT is quickly becoming a part of almost every aspect of our lives, and it’s here to stay. The number and variety of devices and the complex, diverse environments that incorporate IoT devices pose new challenges for security and privacy. The sheer scale, along with a lack of priority for security during the IoT development process, has given motivated hackers a head start. IoT security is one of the major issues facing us in the digital age. Fortunately, help is here. The new IBM libsecurity library provides a collection of easy-to-use tools for password protection, authentication, authorization, secure storage, and more. Libsecurity gives you a powerful tool in the fight against the hackers who are looking to do you and your systems harm. With libsecurity, you can engage with the Internet of Things safely and securely.
Note: Dov Murik and Shmulik Regev, IBM security experts and libsecurity project developers who provided content for this post, are presenting at IBM Interconnect 2016! Check the conference site for more details.